🔥 Ransomware cartels are sharing weapons.
A custom EDR killer tool—EDRKillShifter—built by RansomHub is now turning up in attacks by Medusa, BianLian, and Play, per ESET.
Used to silently shut down security defenses via a BYOVD attack—before encrypting your systems.
Even “closed” RaaS gangs like BianLian are repurposing tools from rivals.
🔗 Read full report: https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html
🚨 Phishing just got personal.
A PhaaS kit called Morphing Meerkat fakes login pages for 114+ brands—using your DNS MX records to mimic your email provider (Gmail, Outlook, Yahoo).
It’s global, stealthy, and drops stolen creds via Telegram.
👀 Uses WordPress hacks, ad redirects (even DoubleClick), and blocks right-clicks + hotkeys.
🔗 Read: https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html
🚨 Firefox users, update now!
A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild.
📖 Full story: https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html
🔒 Patch now | Spread the word | Stay safe
🚨 Crypto devs, beware!
Hackers hijacked 12+ popular npm packages—some live for 9+ years—to steal secrets like API keys & SSH tokens.
Root cause? Likely old maintainer accounts compromised via leaked credentials.
📎 Details: https://thehackernews.com/2025/03/nine-year-old-npm-packages-hijacked-to.html
🔒 Rotate keys. Audit deps. Enforce 2FA.
👀 “Let’s chat…” said the spy app.
A fake chat app named SangaalLite secretly ran a nearly 2-year Android spyware campaign, targeting Taiwanese users with a military-grade malware called PJobRAT.
📱 Disguised as chat apps like SangaalLite
🕵️♀️ Steals texts, photos, contacts, and more
🧠 Originally used romantic lures, now upgraded to run shell commands & hijack Firebase for stealthy control.
🔗 Dig deeper: https://thehackernews.com/2025/03/pjobrat-malware-campaign-targeted.html
🔥 Backups are NOT business continuity.
When disaster strikes, your data must be recoverable—fast. That’s why 50%+ of orgs plan to ditch basic backup in 2025.
Datto BCDR offers a smarter path: tested backups, instant recovery, and a cloud built just for disasters.
🔗 Read how it works: https://thehackernews.com/2025/03/how-to-ensure-business-continuity-with-datto-b.html
🚨 New Malware Alert: CoffeeLoader is brewing trouble.
This stealthy loader evades AV/EDR using GPU execution, sleep obfuscation, and call stack spoofing.
It masquerades as ASUS Armoury Crate to slip in undetected, runs every 10 minutes, and delivers second-stage payloads via HTTPS—like Rhadamanthys.
🔗 Learn more: https://thehackernews.com/2025/03/coffeeloader-uses-gpu-based-armoury.html
🛑 Hackers can now hijack solar power systems.
46 new bugs found in inverters from Sungrow, Growatt, and SMA. Attackers could shut down power, cause blackouts, or remotely control devices like a botnet.
😬 One trick? Reset accounts to default password: 123456
🔗 Details: https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html
Organizations are shifting their GRC (Governance, Risk, and Compliance) strategies from reactive to proactive. Hyperproof’s 6th annual IT Risk and Compliance Benchmark Report reveals that 91% of companies now have centralized GRC teams, and 72% plan to grow their compliance teams in 2025.
With rising regulatory demands, companies investing in risk management aren’t just avoiding fines—they’re driving operational excellence and strategic growth.
Want to see where you stand? Use Hyperproof's new GRC Maturity Model (https://thn.news/grc-maturity-evaluation) to assess your compliance readiness and make a business case for improvement.
📥 Get the report here: https://thn.news/it-compliance-benchmarks
🔥 Hackers got hacked.
BlackLock, a top ransomware gang in 2025, just got owned—by threat hunters who found a fatal flaw in their infrastructure, exposing:
➡️ Real IPs behind their hidden servers
➡️ Command history showing OPSEC fails
➡️ Credentials, configs, and MEGA storage accounts used for exfil
👀 Turns out, DragonForce—another ransomware crew—also hacked BlackLock’s site last week, leaking internal chats and configs.
Read: https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html
🚨 New Android threat spotted: Crocodilus malware is targeting users in Spain and Turkey, posing as Google Chrome to hijack phones.
• Bypasses Android 13+ protections
• Abuses Accessibility to steal credentials
• Records screen & key actions
• Remotely controls the device
• Hides with black screen overlays
📱 Targets banks + crypto wallets
🔗 Learn how it works: https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html
🚨 New Malware: RESURGE
China-linked hackers are exploiting Ivanti VPNs via CVE-2025-0282.
🛠️ RESURGE = rootkit + bootkit + web shell
🎯 Hits critical infrastructure
🔍 Linked to UNC5337 & Silk Typhoon
Patch now | Ivanti <22.7R2.5 is vulnerable
Full CISA alert: https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html
🚨 Russia-linked hackers Gamaredon are using fake war docs to drop Remcos RAT on Ukrainian systems.
🪤 ZIP → LNK → PowerShell → DLL side-loading → full access
Meanwhile, another phishing op is posing as the CIA to trick pro-Ukraine Russians into handing over personal info via Google Forms.
Two fronts. One strategy.
Learn more: https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html
⚡ THN Weekly Recap – This Week in Cyber:
– Chrome 0-Day exploited in the wild
– Kubernetes RCE nightmare exposed
– Solar inverters at risk of blackouts
– Rclone-powered leak site breached
– DNS-based phishing just got stealthier
📩 Catch up now: https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html
🚨 AWS doesn't secure your cloud—you do. Most cloud breaches happen because customers miss what's theirs to protect.
5 silent risks you're likely exposed to:
• SSRF attacks
• Leaky S3 buckets
• Over-permissive IAM
• Unpatched EC2
• Public-facing services
AWS secures the foundation. You secure the rest.
👉 Start scanning in minutes → https://thehackernews.com/2025/03/5-impactful-aws-vulnerabilities-youre.html
🚨 Hackers are abusing WordPress mu-plugins—a hidden auto-run directory—to inject malware, hijack links, and redirect users to scam sites.
Also, add these to the list of 2024's major WordPress threats:
CVE-2024-27956 | SQL injection
CVE-2024-25600 | RCE in Bricks theme
CVE-2024-8353 | PHP injection
CVE-2024-4345 | Arbitrary file upload
If you run a WordPress site, check your mu-plugins folder NOW.
🛡️ Full story: https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html
🚨 A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp.
They’re hiding in plain sight—using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems.
👀 Targets? Your data, credentials, and even crypto wallets.
💀 Techniques? Living-off-the-land, PowerShell implants, fake WinRAR sites—pure cyber espionage playbook.
🔗 Learn more: https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html
🔥 Apple hit with €150M fine for “biased” privacy rules.
France says Apple’s App Tracking Transparency (ATT) gave itself a privacy pass—while forcing rivals through a double-consent maze.
Regulators call it unfair, confusing, and not truly neutral.
https://thehackernews.com/2025/04/apple-fined-150-million-by-french.html
A China-linked hacking group, Earth Alux, is hitting key sectors in Asia-Pacific and Latin America with stealthy, advanced cyberattacks.
🛠 Tools & Tactics:
• VARGEIT: A backdoor hidden in mspaint.exe, used for spying and data theft
• COBEACON (Cobalt Strike): Initial access
• MASQLOADER: Evades security detection
• Uses 10+ covert communication channels, including Microsoft Outlook drafts
👉 Learn more: https://thehackernews.com/2025/04/china-linked-earth-alux-uses-vargeit.html
Stay alert. These attacks are live.
🔥 23,958 IPs. 10 days. One target: Palo Alto GlobalProtect.
A massive spike in login scans hints at coordinated recon—and possible exploitation ahead.
If you run GlobalProtect, this is your early warning. Audit & harden exposed portals now.
🔗 Full story: https://thehackernews.com/2025/04/nearly-24000-ips-target-pan-os.html
🚨 Old iPhones, new threats. Apple just patched 3 exploited zero-days—and yes, even your dusty iPhone 6s is getting a fix.
🛡️ What's at stake?
• CVE-2025-24201 (CVSS 8.8): Malicious web content breaking free from Safari’s sandbox
• CVE-2025-24085 (7.3): Apps hijacking system privileges
• CVE-2025-24200 (4.6): Bypassing USB Restricted Mode—hello physical attacks
🔥 Why now? These bugs are being actively exploited in the wild.
🔗 Full list + device breakdown: https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html